The government’s charge to slash public spending by £17 billion between now and 2014 is a task I do not envy. While it’s been acknowledged that technology can play a part in this process, the role of security has been somewhat overlooked.
In recent years the public sector has been rife with high profile data losses and security breaches: consider that in 2008 fraud in this sector alone cost UK taxpayers £17.6 billion, and accounted for 58 per cent of all fraud loss, according to the National Fraud Authority.
Experian has recently estimated that £1 billion of those fraud losses could be tackled in the near term through better controls and more accurate data matching in environments such as call centres. In fact, the UK public sector works with hundreds of call centres for a range of services such as child benefits, council tax, parking permits, etcetera.
In this article, we will explore security’s role in cutting costs via the call centre operation. Specifically, we’ll take a look at how private sector organisations have been reducing costs through their call centre operations and what public sector IT managers can learn from them in order to meet the daunting budget goals that they have been set.
Taking a micro view
In recent years, we’ve seen financial services companies investing heavily to ensure that call centre environments that enable access to personal financial data are better protected. In tandem, they continue to be equally focused on reducing caller verification time in order to lessen the overall cost of running the centres.
For example, a FTSE100 retail bank in the UK recently managed to reduce its call handling times in selected circumstances by up to 30 percent through the use of a knowledge-based verification process to validate user identities.
Speeding up the verification process whilst ensuring calls are still secure can be challenging. There are of course many areas for consideration within call centres, including a layered approach to security, efficient archiving and storage. However, for the sake of this article we’ll focus on a few key learnings from the private sector and pitfalls to avoid.
Since the beginning of the year, we have uncovered several fraudulent call centres. The incentive to target the telephone channel for the purposes of committing fraud has increased due to the extensive efforts made by various business sectors to improve consumer authentication within the online channel.
In response to the increase in phone channel fraud, many financial services organisations have begun to implement additional layers of security in this channel.
However, public sector organisations should not wait for the next threat to present itself. It is crucial that they take a look at how fraudsters have been successful so far and plan ahead to mitigate attacks before they occur.
While technology vendors and end-users seek new and innovative technologies to protect confidential data, the fraudsters are equally focussed on finding new ways to circumvent these evolving defences.
Use dynamic data
A major challenge in creating a robust identify verification process lies in selecting the types of information that the process will rely on: static data, such as birth-dates, mothers’ maiden names, NHS numbers, is far too freely available, and can be easily accessed by any number of third parties.
Organisations would be better advised to use a variety of dynamic data involving behavioural patterns, because it is more difficult for fraudsters to gather such data through phishing and go on to exploit it elsewhere.
For instance, whenever the child support agency calls, the operator asks me several questions pertaining to my national insurance number, date of birth, address, the name of my child, the name of my bank, etcetera.
Unfortunately, these questions are based on static data, leaving customers like me vulnerable and the organisation itself at a potential financial disadvantage. It is also frustrating for the customer, who won’t know what the call is about until he/she has passed the verification process.
Instead, the operator’s question engine should include top-of-mind questions, such as: what is the last city you lived in; which of these addresses are you closely associated with; which of these names have you shared a house with? Intelligent questioning that incorporates actual non-financial customer data that is not easily found through searching the internet is statistically more difficult to beat for fraudsters.
Running this sort of verification process via a third-party service with question databases and processes already in place removes the chances for fraudsters to social engineer this information.
Don’t get locked down online
Many companies are driving sales and service from face-to-face to lower-cost channels, such as the internet and the call centre, but despite its many advantages, remote commerce also comes with risk.
Six million citizens process their taxes online, but if they changed their mind tomorrow and wanted instead to process their taxes via paper, they wouldn’t be able to. This shift to online has resulted in many organisations closing some resources that were previously processed in paper. As cost-effective as this might be, people still like to have a choice based on what is convenient at the time.
In addition, many organisations have a disconnect between their online and phone channels, so you need to provide a consistent user experience and security framework across both. All channels need to keep in line with the customer experience in order to lower cost to business overall.
Innovation instead of added spend
Having a robust authentication process doesn’t have to cost more money. For instance, a top enterprise customer in the UK has cut call times with little new technology investment.
It has swapped the usage of look-up verification on one system with a knowledge-based process on the web and via the call centre. It also replaced its browser screen because it felt the previous process wasn’t fully integrated with others. As a result, operators now spend 20 seconds less verifying callers, which already presents healthy savings to the business as a whole.
In conclusion, the government certainly has its work cut out, but reviewing and renewing even the most niche areas such as call centres’ verification process will put it on the right track.
While the public and private sectors ultimately have different goals and challenges, there are similarities worth considering. The call centre scenario is just one and hopefully step by step, we can rise from this time of economic uncertainty.
Paul Briault is head of public sector for RSA, UK & Ireland,the security division of EMC.